fossilfranv/setup_new_server_ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5aa84d6115
setup_new_server_ansible/playbook.yml
fossilfranv 5aa84d6115 first commit
2022-01-05 21:28:22 +01:00

123 lines
2.9 KiB
YAML
Raw Blame History

#################################################
# DO Community Playbooks: Initial Server Setup
#################################################
---
- hosts: all
become: true
vars_files:
- vars/default.yml
tasks:
# - name: Install Prerequisites
# apt: name=aptitude update_cache=yes state=latest force_apt_get=yes
#Sudo Group Setup
- name: Make sure we have a 'wheel' group
group:
name: "{{ create_user }}"
state: present
# - name: Allow 'wheel' group to have passwordless sudo
# lineinfile:
# path: /etc/sudoers
# state: present
# regexp: '^%wheel'
# line: '%wheel ALL=(ALL) NOPASSWD: ALL'
# validate: '/usr/sbin/visudo -cf %s'
# User + Key Setup
- name: Create a new regular user with sudo privileges
user:
name: "{{ create_user }}"
state: present
groups: "{{ create_user }}"
append: true
create_home: true
shell: /bin/bash
- name: Set authorized key for remote user
authorized_key:
user: "{{ create_user }}"
state: present
key: "{{ copy_local_key }}"
# - name: Disable password authentication for root
# lineinfile:
# path: /etc/ssh/sshd_config
# state: present
# regexp: '^#?PermitRootLogin'
# line: 'PermitRootLogin prohibit-password'
# Install Packages
- name: Update apt
apt: update_cache=yes
# - name: Install required system packages
# apt: name={{ sys_packages }} state=latest
# - name: Upgrade installed apt packages
# apt:
# upgrade: dist
# register: upgrade
# retries: 15
# delay: 5
# until: upgrade is success
- name: Ensure that these software packages are installed
apt:
pkg:
- build-essential
# - fail2ban
# - needrestart
# - pwgen
# - resolvconf
# - unbound
- unzip
state: latest
- name: Set ssh '{{ ssh_port }}' port number
lineinfile:
dest: /etc/ssh/sshd_config
regexp: 'Port '
line: 'Port {{ ssh_port }}'
state: present
notify:
- restart sshd
- name: Allow ssh port '{{ ssh_port }}'.
ufw:
rule: allow
proto: tcp
port: '{{ ssh_port }}'
state: enabled
- name: set timezone
timezone:
name: "{{ tmzone }}"
# UFW Setup
- name: UFW - Allow SSH connections
ufw:
rule: allow
name: OpenSSH
- name: UFW - Deny all other incoming traffic by default
ufw:
state: enabled
policy: deny
direction: incoming
handlers:
- name: restart sshd
service:
name: sshd
state: restarted
debug:
msg: "Restarting sshd"
# when: reboot_required.stat.exists == false
Reference in New Issue View Git Blame Copy Permalink